[activemq] branch master updated: AMQ-8116 ActiveMQWildcardPermission buggy

[jbonofre]

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/master by this push:
     new 9cf9d20  AMQ-8116 ActiveMQWildcardPermission buggy
     new 33635f5  Merge pull request #602 from ikucuze/master
9cf9d20 is described below

commit 9cf9d20d51590218368f87fb54aeb0505c862461
Author: ikucuze <37959812+ikuc...@users.noreply.github.com>
AuthorDate: Wed Jan 6 11:26:30 2021 +0100

    AMQ-8116 ActiveMQWildcardPermission buggy
    
    ActiveMQWildcardPermission with multiple tokens inconsistent with parent
    WildcardPermission class
    
    Update ActiveMQWildcardPermission.java
    
    add testcase
---
 .../shiro/authz/ActiveMQWildcardPermission.java    | 25 ++++++++++++++--------
 .../authz/ActiveMQWildcardPermissionTest.java      |  4 ++++
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git 
a/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermission.java
 
b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermission.java
index 38a514c..92854cd 100644
--- 
a/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermission.java
+++ 
b/activemq-shiro/src/main/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermission.java
@@ -59,18 +59,25 @@ public class ActiveMQWildcardPermission extends 
WildcardPermission {
             } else {
                 Set<String> thisPart = getParts().get(i);
 
-                for (String token : thisPart) {
-                    if (token.equals(WILDCARD_TOKEN)) {
-                        continue;
+                // all tokens from otherPart must pass at least one token from 
thisPart
+                for (String otherToken : otherPart) {
+                    if (!caseSensitive) {
+                        otherToken = otherToken.toLowerCase();
                     }
-                    for (String otherToken : otherPart) {
-                        if (!caseSensitive) {
-                            otherToken = otherToken.toLowerCase();
+                       boolean otherIsMatched = false;
+                       for (String token : thisPart) {
+                        if (token.equals(WILDCARD_TOKEN)) {
+                               otherIsMatched = true;
+                               break;
                         }
-                        if (!matches(token, otherToken)) {
-                            return false;
+                        if (matches(token, otherToken)) {
+                               otherIsMatched = true;
+                               break;
                         }
-                    }
+                       }
+                       if (!otherIsMatched) {
+                               return false;
+                       }
                 }
                 i++;
             }
diff --git 
a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
 
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
index 515aeeb..a246722 100644
--- 
a/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
+++ 
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/authz/ActiveMQWildcardPermissionTest.java
@@ -117,6 +117,10 @@ public class ActiveMQWildcardPermissionTest {
         assertNoMatch("*:ActiveMQ*", "topic:TEST:*");
         assertMatch("topic:ActiveMQ.Advisory*", 
"topic:ActiveMQ.Advisory.Connection:create");
         assertMatch("foo?ar", "foobar");
+        
+        assertMatch("queue:*:read,write", "queue:testqueue:read");
+        assertMatch("queue:*:read,write", "queue:test*:read,write");
+        assertNoMatch("queue:*:read,write", "queue:*:read,write,delete");
     }
 
     protected static void assertMatch(String pattern, String value) {